Last revised on March 22, 2020, effective as of March 22, 2020
The database generated from the Company website and services belongs to CPAP STORE Ltd, with company registration number 202438857 and headquartered at 9 Tsar Boris III 3rd Floor, Petrich 2850, officially registered with the Bulgarian Drug Agency, Number of Certification BG/WDA/MD-0602/08.12.2022 г., and with the Commission for Personal Data Protection, Number of Certification 379685.
CPAP STORE Ltd guarantees the fulfillment of the data protection conventions in accordance with the Personal Data Protection Act and Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016. These Rules have been approved and issued under Article 23, paragraph (4) of the Law on Personal Data Protection and Regulation # 1 of February 7, 2007, relating to the Minimum Level of Technical and Organizational Measures and Required Type of Protection of Personal Data, issued by the Commission for Personal Data Protection, promulgated in State Gazette # 25 of 23.03.2007.
As soon as a User has registered with the Company, their personal data, addresses, and means of payment (only payment method) are incorporated into the Company database so they may enjoy the services and products of the Company. The aim is to provide the User with access to and use of the Company and its products, allow the Company to draw up statistics on those services used and requested by the User, and send out requested service updates.
At any time, Users may exercise their rights of access, rectification, cancellation, and opposition to the processing of personal data by sending an email to support(at)cpapmask.eu or by writing a letter to the above-stated CPAP STORE Ltd address.
Information We Collect
- Personal identification data: full name, address, phone number, email address, and any other notes that may be applied.
- Financial data: VAT number, if applicable, and payment method.
- Device-specific data: IP address, device type, and version.
- Log data: referring URL and domain, pages visited, geographic location, preferred language used to display the webpage, and date and time when website pages were accessed.
- All other possible information that is associated with the order and our services.
- Fulfilling obligations to the National Revenue Agency, the Ministry of Internal Affairs, and other state and municipal bodies.
- Tax Office and the Accountants.
- Some personal data can be collected (checkout page) without the User’s order confirmation or completed payment.
How We Use the data
- We use all the provided data so that the order can be fulfilled.
- Promotional information, Order Notifications via email, Viber, WhatsApp, Phone Calls, SMS, and Social.
- Other communication ways to support and everything else related to the services and products we provide.
- We store your personal data in our ERP Software to have historical traceability of the ordered products per European regulations MDR/745 for Medical Products.
Duration of storage of your Personal Data
- CPAPmask.eu stores your personal data for a period not longer than the existence of the profile in the e-shop or at requested withdrawal.
- The personal data in our ERP software remains for 10 years for the purposes of the EU MDR/745, and the Company will delete inactive accounts.
Transfer of your Personal Data
- The Company may, at its own direction, transfer all or part of your personal data for the fulfillment of the processing purposes to which you have agreed, subject to compliance with the requirements of Regulation (EU) 2016/679 (GDPR).
- We automatically transfer to mailchimp.com for email notifications and promotional notifications.
- To aftersalespro.com and aftership.com for the shipment and voucher generation with the associated courier (UPS-DHL).
- To Courier Companies UPS, DHL, Geniki courier, ACS courier, Elta post.
Security and Data Centre Location
The CPAPmask primary data and servers are hosted at FastComet Inc., on a dedicated server in Germany (EU).
The Company has implemented various measures to ensure that Your information is protected against unauthorized access, use, disclosure, and destruction. Please remember that risk can never be eliminated. Still, it can be significantly mitigated and reduced, and all the measures the Company has taken significantly reduce the risk. The Company shall not be held liable by any Third Party, including You, in any event of unauthorized access, use, and/or disclosure of information provided that such is not due to Gross Negligence, wilful misconduct, fraud, or bad faith by the Company.
Security measures adopted by the Company include:
- Access to the information stored within CPAPmask.eu servers is restricted to a limited number of CPAPmask.eu employees (only Managers of the Company) and Third Parties who can access the information only in specific and limited circumstances and are bound by confidentiality.
- CPAPmask.eu servers are protected by (1) firewalls establishing a barrier between Our trusted, secure internal network and the Internet and (2) IP restrictions, limiting access to whitelisted IP addresses.
- Each User may only access information pertaining to its CPAPmask.eu account.
- We use SSL for CPAPmask.eu, providing secure data transfer to prevent wiretapping and man-in-the-middle attacks.
Access and Disclosure
The Company does not rent or sell your Personal Information, but we do disclose Your information to a limited set of trusted Third Parties in the situations explained below, for which You, by using Our Services or Company, hereby explicitly consent.
- We will disclose Your personal information where We are bound to do so, at Law or via a court order as well as to meet any legal or regulatory requirement or obligations. We will use all reasonable efforts to ensure that those requirements or obligations are in accordance with Applicable Law.
- We reserve the right to disclose Your information to any Third Party if We have reasonable information to believe that the disclosure is necessary for the purpose of an investigation and/or for the enforcement of any breaches of the Terms of Service (if applicable), to detect, prevent or otherwise address fraud, security, technical issues or other irregularities or illegalities, protect the rights and interests as well as the property of Company.
- CPAPmask also works with Third-Party providers and other business partners, which provide important functions to us that allow us to offer You a better service. We need to disclose user data to them from time to time so that the services can be performed.
- We only share information with the Third Party that is required for the service they offer. We contractually bind these providers to keep any data We share with them confidential and to be used only for particular purposes. For example, amongst others, we have providers that process Our credit card transactions, support Our internal support system, and manage Our marketing communications. By using CPAPmask.eu or CPAPmask, you explicitly consent to and authorize us to sub-contract in this manner.
- For more information regarding the cookies, “click here.”
- How to delete the cookies: “click here.”
Third-Party Companies and what we share with them individually
All our transactions are invoiced to the User, and for each sale, we share the needed data with our TAX office for accounting purposes.
Logistic Warehouse (CPAPSTORE GP)
All our order requests are transferred to the contracted business for the fulfillment of the orders generated by cpapmask.eu to CPAPSTORE GP, 105 Sokratous str, Kallithea 17672 – Athens, Greece, which stocks all products and handles all shipments.
Google Analytics and AdWords Services
What are Google AdWords and Google Analytics? Google Ads is a product that you can use to promote your business, help sell products or services, raise awareness, and increase traffic to your website. Google Analytics is a platform that collects data from the company website and creates reports that provide insights into your business. The same goes for Google Fonts, which our websites use for proper font structure.
Microsoft Analytics and AdWords Services
Microsoft Advertising is an internet marketing service that lets brands advertise their products, services, websites, and stores in search results on the Bing platform. Microsoft Advertising will collect data that allows you to track conversion goals and target audiences with remarketing lists. Universal Event Tracking (UET) is a tool that records visitors’ (unique and returning) activity on the website.
What is MailChimp or mailchimp.com? We use a mailing system to send emails, order updates, news, and promotional information to our subscribers and shoppers. Also, we use the MailChimp platform as a reminder for users to act accordingly regarding the purchase or interest. Lastly, we have an integration that allows MailChimp to send notifications of abandoned carts.
- What we share with MailChimp: IP address, Geo Location, email, first and last name, products, and details.
- How to unsubscribe: Press “unsubscribe” at the bottom of the email, or send us an email to support(at)cpapmask.eu, and we will do the rest for you.
- The abandoned cart notification is triggered when you enter your email on our checkout page.
- You can read more about MailChimp and GDPR here
Aftership.com and Aftersalespro.com
What are aftership.com and aftersalespro.com? They are an order-tracking and voucher-generator platform. The tracking numbers of order shipments are automatically added. Also, as an order notification panel, it lets the customer be notified of the location of his/her order via email or even by mobile text message.
- What we share: First name, last name, order ID, email, phone number, address of origin, address of the destination, IP address.
- Delete the data above: send us an email to support(at)cpapmask.eu, and we will delete all your data from aftership.com or aftersalespro.com.
Order Deliveries UPS, DHL courier or regular Post
What are UPS, DHL courier, and the regular Post? UPS and DHL are global leaders as courier companies. We use UPS or DHL as our primary shipment company or regular Post.
- What we share: First and Last names, addresses, email, phone numbers, and a description of the ordered products.
- How to delete the data: we use all the data above to make a safe delivery possible.
All contact forms from cpapmask go directly to our email address. No information except for what you provide is being sent or registered. All emails we receive are deleted after being answered and resolved, and no information is kept.
What does “resolved” mean? It means that your question has been answered and that we consider your initial question answered and resolved.
To ensure the safety of the very sensitive data, we use the best-known payment gateways, such as paypal.com, mollie.com. We do not handle or manage any payment details, nor do we keep any payment details on file/record. When an order is processed and payment is successful, the customer will be re-directed back to our “Thank You” page.
- PayPal requires an account and a linked card in order to proceed with the purchase with PayPal. All the data is stored on PayPal servers and not on ours.
- Mollie is one of the most trusted companies in Europe, which also fully complies with the GDPR and is located in the Netherlands. They offer a variety of electronic payment methods.
Governing Law and Dispute Resolution